Power Users are Admins who have not made themselves admins yet

Return Quickbooks for Refund

Tales from the Crypto — Mon, 13 Mar 2006 22:44:16 GMT

I was going to title this post "Microsoft Representative Says to Return Quickbooks for Refund".&nbsp;...

re: Power Users are Admins who have not made themselves admins yet

BOFH — Tue, 14 Mar 2006 11:35:33 GMT

Even regular Users are Admins who have not made themselves admins yet....

re: Power Users are Admins who have not made themselves admins yet

JB — Wed, 15 Mar 2006 17:39:02 GMT

I know better than to put users in the Power Users group, for the reasons you described. My question is, what is the purpose of this group in the first place?

re: Power Users are Admins who have not made themselves admins yet

jesper — Thu, 16 Mar 2006 08:39:02 GMT

BOFH, that is partially true. One might argue, for instance, that any user with physical access to the computer is an admin who haven't made themselves an admin yet.

The Power Users group was added long ago to provide a way to run applications that were written assuming elevated privileges. Over time, more and more things were added to the rights of that group and fairly quickly it went past the point where the group provided any isolation. Since then it has been there only for backward compatibility.

re: Power Users are Admins who have not made themselves admins yet

Steve Riley — Mon, 20 Mar 2006 08:43:01 GMT

It's very simple, really, and I can even put it in simple language.

admin = God
power user = Christ

And, according to the literature,

Christ = God

It follows, therefore, that:

power user = God

re: Power Users are Admins who have not made themselves admins yet

lpiatek — Fri, 24 Mar 2006 08:28:17 GMT

Christ isn't God! Read John 14:28..

re: Power Users are Admins who have not made themselves admins yet

Where can I return my Microsoft Software? — Sat, 25 Mar 2006 14:53:05 GMT

Really good points, and I could agree with you more. I'm very ready to implement and also to advise my peer consultants to lower the Domain Users default additionally assigned Local Administrator group down to the Local User level. But if I do that in my SBS 2003 deployment things like Remote Web Workplace no longer work. Yes it is a nasty predicament because that is the number one coolest thing that customers like about SBS ...and there is no comparable competitive product. Plz I'd rather Microsoft fix this not provide refunds and returns.

re: Power Users are Admins who have not made themselves admins yet

Susan — Sat, 25 Mar 2006 20:47:18 GMT

RWW doesn't need admin rights other that to initially get the Active X controls on the box in the first place.

Most software needs admin rights to get the software 'on' the box, after that they don't need normal admin to run.

Software typically always needs rights to install, it should not need rights to run.

re: Power Users are Admins who have not made themselves admins yet

Scott — Sun, 26 Mar 2006 07:41:45 GMT

This is a great thread and article...most of us know this stuff but need to be hit over the head and reminded where we maybe going wrong. Keep up these great articles Jesper I really enjoy reading and getting your perspective.

re: Power Users are Admins who have not made themselves admins yet

Susan — Sun, 26 Mar 2006 08:00:18 GMT

http://www.sbslinks.com/RWW-LUA.htm

Remote web workplace as LUA.

It works.

The problem is not hacking up the registry, I would argue.. but knowing if what we're hacking is ends up making our systems more insecure.

re: Power Users are Admins who have not made themselves admins yet

wkasdo — Wed, 29 Mar 2006 10:47:08 GMT

Here is the relevant KB. Helpful if you need to sell this.

http://support.microsoft.com/default.aspx?scid=kb;en-us;825069

re: Power Users are Admins who have not made themselves admins yet

kbiel — Tue, 02 May 2006 02:28:44 GMT

Sorry for the OT response, but someone else started it :p

lpiatek: Read just a few chapter back: http://www.biblegateway.com/passage/?book_id=50&chapter=10&verse=30&version=31&context=verse

Now back to your regularly scheduled topic...

While no security system will ever be foolproof, Windows will remain will continue to contain more holes than the titanic as long as MS insists on full backwards compatibility in each release of the OS. I read Raymond Chen's blog regularly and I appreciate the immensity of the problem with breaking backwards compatibility, but there are ways to mend the API (or restructure it entirely) using VMs and compatibility subsystems. Yes, they make the legacy programs run slower or in some crippled fashion, but it has got to be better than the current veneer of security we have to endure because Company X refuses to part with application Y that was written for Windows 3.11.

BAD TROUBLESHOOTING 101 (part 3 of many) Everyone's a local admin!!

Shawn's résumé writing prevention tips — Thu, 06 Jul 2006 14:59:57 GMT

&nbsp;
OK.&nbsp; gripe time.&nbsp; One of my co-workers was asked by a customer, "Can you prevent a...

The Power in Power Users

Mark's Blog — Sun, 05 Nov 2006 20:30:22 GMT

Placing Windows user accounts in the Power Users security group is a common approach IT organizations

RWPT - BAD TROUBLESHOOTING 101 (part 3 of many) Everyone's a local admin!!

Shawn's MIIS/ILM tricks, PKI Hints, and Résumé Writing Prevention Tips — Fri, 07 Dec 2007 12:56:44 GMT

OK. gripe time. One of my co-workers was asked by a customer, "Can you prevent a local admin from deselecting

Plan now to eliminate "power users" from your domains

Steve Riley on Security — Mon, 11 Feb 2008 21:03:20 GMT

I've seen some conversations lately about the Power Users group -- how powerful is it, really, and why

Plan now to eliminate "power users" from your domains | Secure Software Engineering Blog

Sun, 02 Mar 2008 21:59:55 GMT

PingBack from http://www.secure-software-engineering.com/2008/03/02/plan-now-to-eliminate-power-users-from-your-domains/

Опыты над опытными пользователями

Mark Russinovich по-русски — Wed, 12 Nov 2008 01:42:07 GMT

Организации часто присоединяют учетные записи пользователей Windows к группе безопасности «Опытные

user | keyongtech

user | keyongtech — Thu, 22 Jan 2009 05:01:29 GMT

PingBack from http://www.keyongtech.com/2507723-user

ServBit everything about Linux/Windows Server Administration , experts community » Blog Archive » Power Users — Advantages & Disadvantages , OS Network Security, Web Hosting ,

Sun, 31 May 2009 13:05:52 GMT

PingBack from http://www.servbit.com/2849_power-users-advantages-disadvantages.html